After a full week of hellish delivery nonsense with FedEx, I finally received
my new hardware firewall from pfSense.

It has no fans, but it doesn't get very hot (just a tad warm, but cooler
than some of the switches I've had). When it starts, after establishing a
WAN connection, it plays a little tune, which I didn't quite expect.

I've used the pfSense software before. This thing has tons of bells and
whistles that should help me manage anything I might want to manage in my
network.

It has three NICs... one labelled 'WAN', another labelled 'LAN', and one
more labelled 'OPT'. I think for most home offices, this is perfect; the
WAN obviously connects nicely with the cable modem (or DSL, or whatever),
the LAN for the home computers that we use for browsing the internet or playing
games or whatever, and I could use OPT for servers that I'd like to run from
home.

Not that it matters how you actually set things up; the firewall treats each
of these equally, allowing tremendous flexibility in how you set up your environment.
But they do have some preliminary things set up that makes using the ports
in this fashion more convenient.

I haven't researched it yet, but it's my understanding this thing can allow
you to set up another set of IP addresses isolated from the usual set of IP
addresses that allow certain machines to communicate with each other in a
different network, yet the same ethernet segment. Depending on how fancy
I get with it, I might set up servers in OPT, and configure another set of
addresses for communicating with those servers such that only specific machines
have access to them for maintenance purposes, just as added security.

Or whatever. I've always kind of found this sort of thing nifty, but I haven't
had anything powerful enough to really play around.

pfSense is pretty cool stuff. I have a few in place and it has (for the most part) done what I wanted. There were rough edges that burned you for a bit in the earlier releases that seem to have been smoothed out in the later ones. You can do some complicated plumbing with those little boxes.

It has already addressed one of the little problems that annoyed me... something
related to occasional failed DNS queries from my original router.

Those queries are FAST. Very nice.

I have some new problems (my fault), but I figure eventually I'll figure
out how to resolve those. I divided my home into two networks because I didn't
have the logistics for the single network at the moment. Now, because my
printer is in another subnet, even though I can access that subnet, my computer
doesn't seem to want to work with it.

I want to replace all my switches anyway. They are all old 100T switches,
and I think 1000T seems to be normal these days.

1. The fucking cable modem that Comcast gave me doesn't do IPv6. So, if
I want to play with IPv6 in the general Internet, I need to replace this modem.
I want Comcast to do it... and since I'm a business customer, I can simply
cite a business need for it. Which is actually fairly true; I want to test
IPv6 for professional reasons.

2. It turns out, I can communicate with the printer just fine on the other
subnet. In fact, I can communicate with all the machines on the other subnet
without issue... pfSense is doing its job quite nicely, without having to
do much with the firewall. I had mistaken the lack of pings to one of the
computers on the other side as a sign that the packets were not making it
there, when in fact, they were, but Microsoft doesn't respond to pings outside
of its current subnet. When I pinged the printer directly, I got responses.
So, getting the printer to work is more a matter of figuring out how to deal with
the damned drivers for the printer than networking... and the way to solve
that is to put the machine to communicate with the printer on the other subnet,
configure the printer, then return to my normal subnet. I haven't done this
yet, but I know it'll work.

3. I'm going to hold off on changing my switches. I want to let my money
build up for a little bit before I buy some gigabit switches. This will give
me a chance to research the kind of switches I want, etc.

My home network isn't really that complicated, but it probably will be as
I experiment with features. I only really have the following:

1. Two regularly-used computers that do the heaviest networking.
2. Wireless router for cell phones and laptops (visiting or personal).
3. Chromecast device on my television set, which communicates
wirelessly.
4. A tablet that can act as a full-fledged Microsoft OS 8.1 computer (for
developing closed-captioning stuff).
5. Raspberry Pi for playing/research
6. Two old laptops, one of which I think I'm giving away to Melvin's aunt.
7. Two cell phones, one decommissioned but used occasionally for two-phase
password crap that I haven't shifted to the other cell phone, and the other
I use as an actual cell-phone.
8. An Android tablet

Several of these devices work wirelessly, and I suspect I want to ensure
all the wireless stuff works over an alternative set of IP addresses rather
than the current set, just to keep them separated from the other machines.
That might be my first goal, to try and segregate wireless from wired (apparently,
my wireless router is more of a wireless bridge than router).

Ever since we moved into the new house I've had trouble with wifi. I can't
really move the main router, and I didn't like having to run two of them.
So I bought a commercial grade access point, a Cisco Aironet AP1242 on eBay
for $50.

These things sell for pretty cheap because they're usually found "in the
wild" with a dependency on Cisco's wireless controller hardware. But if you
know where to get the right firmware, and have the skills to reload it, they
can be turned into really good quality standalone access points.

Now I've got mine placed on a wall at the bottom of a stairway right in the
center of the house. The cable from it is completely concealed, as it runs
through the wall into the closet of my son's ground floor bedroom (yes I could
have probably just put the AP *in* the closet, but I'm a nerd and I want my
Cisco on display) and I even got a midspan PoE injector back in the equipment
rack to power it.

The wifi radio in the router has now been shut off, the second router has
been decommissioned, the whole house now has good coverage, and I am a happy
nerd.

You could have done the same thing with a home-built 5 GHz discone antenna,
a small coax jumper, a receive pre-amp and a 5w transmit amplifier and...
oh, forgot, you don't have that ham license... <evil grin>

Oct 27 2014 1:52pm from IGnatius T Foobar @uncnsrd (Uncensored)
I could, but then I'd have a 5 GHz discone antenna, a small coax
jumper, a receive pre-amp and a 5w transmit amplifier sitting in my
stairway. I don't think the license would be the limiting factor.

The point was that it would no longer have to be in your stairway...
--K2NE

If there is even the slightest bit of "prepper" in you, the time to "take
up ham radio" is now.

There is a rapidly growing "movement" toward the establishment of a mesh
network using commercially available ethernet routers that also do WiFi -
on the shared band (WiFi and ham radio - I believe it is 5 GHz) where WiFi
channels 6 and up actually lie inside the (primary service) amateur radio
allocation.

There's ham-hacked firmware for the routers that qualify.
You can run up to the legal amateur radio limit in power output from the
transmitter (1,000 watts).
You can build and use any antenna system your brain can conjure.

You are no longer limited to "what is legal" under WiFi or WiLAN rules.

And just about, if not all, Linux distros have the AX.25/ham
stuff either already built in, or easily installed via apt-get (or your distro's
equivalent).

And since your 'uncensored' Citadel is - for all intents and purposes - completely
void of commercial content (meaning: nobody is buying or selling as a business;
used stuff is ham-legal), you could even have your BBS accessible via ham
packet radio.